BT ASSURE ETHICAL HACKING.

Vehicle Vulnerability Assessment.

Our Ethical Hacking services help you to determine your actual security posture together with remediation advice to mitigate associated risks. Let us help you identifying vulnerabilities in your vehicle(s) and supporting environment before cyber criminals do…

Our approach.

We have developed a standardised methodology for carrying out Ethical Hacking vulnerability assessments on all types of vehicles.

The first step is to determine the scope of your testing requirement. Depending on your preference we can perform an interview or share our questionnaire with you. Based on the answers, we may issue an Ethical Hacking Agreement together with a Statement of Work which describes the scope, deliverables, pre-requisites and pricing.

After approval from you, we begin the Ethical Hacking vulnerability assessment. During the vulnerability assessment, you will be told about the progress. After the actual testing has been performed, we will issue a preliminary report.

Within 10 days, we will present all the vulnerabilities we have identified in a final report. You can then review and request any changes. Any requested changes will be discussed with you. Upon agreement, the final report will be updated and re-issued. If you don’t make any changes within 10 days then the report will be considered complete.

The reporting of identified vulnerabilities and recommendations (status updates and final report) is based on our Ethical Hacking Center of Excellence's (ECHoE) own process and templates. In order to guarantee high quality output, all deliverables go through a peer and document quality review.

Vulnerability Assessment

A vehicle vulnerability assessment aims to identify security issues within the embedded systems in the vehicle itself. This vulnerability assessment involves the in-depth inspection of the embedded systems in the vehicle alongside its design and environmental architecture to identify the security threats and weaknesses. It may also include looking into the operation of running applications, its dependencies and interactions in an attempt to gather a complete view on the security posture. Some of the aspects covered as a part of this type of vulnerability assessment include:

>> Auditing - assess if the embedded systems in the vehicle are performing adequate auditing / logging procedures for important transactions for example modified infotainment or system firmware. We would verify if the security systems were able to adequately establish accountability and bus origin for example.

>> Authentication - assess if the embedded systems in the vehicle enforce authentication in order to update or make system configuration changes. Further enforcement of the security standards, such as tested encryption standards, authentication delays and cryptographically secure random number generation are checked.

>> Authorisation - segmentation of vehicle bus systems and adequate filtering of signals at bus gateways. Verification that signals designed for low speed buses will not work when broadcast on high speed buses and vice versa.

>> Cryptography - assess the areas where cryptography controls are implemented to verify the security effectiveness (encryption algorithm, key length, randomness, seeding, etc.) and to also check if cryptanalysis is possible - the focus would be data in transit and stored data segmentation.

>> Exception management - assess how the ECU is managing the conditions when the system runs into exceptions. These conditional may trigger the ECU into memory corruptions, memory leaks or expose inner working of the applications.

>> Host and network environment - assess the hosting environment, design architecture and external dependencies from a security stand point. The various external dependencies are examined to ensure that they are not a weak link in the overall security chain of the diagnostic or service protocol.

>> Data validation - assess how the infotainment unit, ECU and other modules are treating the data input and output procedures and approaches toward data sanitisation. Typically these are the sections where issues such as buffer overflows, impossible conditions and integer overflows would be validated. The various data pools inspected for such issues include public interfaces, user interface, database interaction, socket interaction, file I/O and pipes.

>> Logic error - assess if the ECU or (mobile) application(s) have any logic error which could for example lead to exception conditions. Typical issues that would be covered are boundary conditions, overlooking big / little endian architectures nuances and off-by-one errors.

Optional Penetration Testing?

During the vulnerability assessment activities, we may, on your request, attempt to exploit the identified vulnerabilities immediately. The ultimate goal for this step is to demonstrate the consequences of the vulnerabilities identified if exploited by an attacker.

Depending on the vulnerabilities, this type of testing would be performed under controlled conditions.

The results

During the testing, we will immediately report any high risk vulnerabilities identified via a status updates report. When the testing has been completed, you will receive a formal report that will contain:

>> A detailed explanation of the testing activities that have been completed and the methods used by us to determine the results

>> A listing of all the vulnerabilities of the embedded systems in the vehicle with a ranking of their level of risk based on the Common Vulnerability Scoring System (CVSS), the ease with which they can be exploited, and mitigating factors

>> An explanation of how to mitigate or eliminate the vulnerabilities including enhancement of your policies, adoption of industry best practices, changes to security processes and enhancement to the architecture of the embedded systems in the vehicle.

Within 10 days after the conclusion of testing, we will present all identified vulnerabilities to you in a final report.

Other risks to consider

Next to the vehicle there are other areas which might need your attention. For example the mobile applications developed for connecting to the vehicle and exchange information or have the ability to activate certain functions.

This might include the central repository where all information is uploaded as well. Other developments include telematics dongles which are plugged into the network of the vehicle to perform remote control or exchange information (by fleet owners).

Why BT?

Put your Ethical Hacking need into expert hands. We are one of the world’s leading and most trusted security brands, derived from a set of credentials that have been earned over decades of experience in the field:

>> Our customers have the advantage of a partner with a broad view and enormous experience in every market segment which a local supplier lacks.

>> Being a network operator we have specific and in-depth knowledge of network infrastructure devices and as a large company we use many server and workstation platforms, mobile devices as well as all kinds of applications. These are thoroughly tested by our Ethical Hacking capability before being deployed on our network infrastructure, on which many international customers rely.

>> Holding the ISO9001 certification since July 2003 shows our long term commitment to continuously improve the quality of our services. • Other relevant accreditation programs are CESG CHECK, ANSSI PASSI and the following CREST schemes: Penetration Testing and Simulated Target Attack & Response (STAR).

>> We are one of the largest security and business continuity practices in the world, with more than 2,500 security consultants and professionals globally that has been offering security and business continuity expertise to our customers for many years.

>> We are one of only a few organisations providing integrated network and security solutions both commercially and technically.

>> Analyst-recognised capability: “for the growing number of enterprises seeking a broader, integrated solution rather than treating security as an isolated silo, BT can offer a one-stop-shop security experience”